Compare commits
3 Commits
45a03fc465
...
55a8a664b8
Author | SHA1 | Date |
---|---|---|
Rasmus Rosengren | 55a8a664b8 | 3 years ago |
Rasmus Rosengren | 8fe0751156 | 3 years ago |
Rasmus Rosengren | a3885fe5ce | 3 years ago |
@ -1,2 +1,3 @@ |
|||||||
vars/all.yml |
vars/all.yml |
||||||
.ssh |
.ssh |
||||||
|
inventory |
@ -0,0 +1,26 @@ |
|||||||
|
#!/usr/bin/env bash |
||||||
|
set -e |
||||||
|
|
||||||
|
if [ ! -f .ssh/id_ed25519.pub ]; then |
||||||
|
echo "Generating new ssh key pair..." |
||||||
|
ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N "" |
||||||
|
fi |
||||||
|
|
||||||
|
echo "Installing dependencies..." |
||||||
|
ansible-galaxy install -r requirements.yml |
||||||
|
|
||||||
|
new_ip_addr=true |
||||||
|
if [ -f inventory ]; then |
||||||
|
current_ip_addr=$(cat inventory | awk 'NR==2') |
||||||
|
read -p "Target ip is $current_ip_addr, do you want to change it? (y/N): " res |
||||||
|
[[ $res =~ [Yy] ]] || new_ip_addr=false |
||||||
|
fi |
||||||
|
|
||||||
|
if $new_ip_addr; then |
||||||
|
read -p "Target ip address: " ip_addr |
||||||
|
echo "[all]" > inventory |
||||||
|
echo $ip_addr >> inventory |
||||||
|
fi |
||||||
|
|
||||||
|
echo "Running playbook, this may take 5 to 10 minutes..." |
||||||
|
ansible-playbook main.yml -k |
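Review bot: The address typed at the `Target ip address` prompt is written to `inventory` unquoted and unchecked, so an empty answer or one containing spaces produces a host line that Ansible parses differently than intended (extra words on an INI host line are read as host variables). Validate and quote it before writing, e.g. `[[ $ip_addr =~ ^[0-9A-Za-z.:-]+$ ]] || exit 1` followed by `printf '%s\n' "$ip_addr" >> inventory`. The confirmation test `[[ $res =~ [Yy] ]]` is unanchored, so any answer that merely contains a y counts as yes; `^[Yy]$` matches the prompt's (y/N) contract. On a fresh checkout `ssh-keygen -f .ssh/id_ed25519` fails unless `.ssh` already exists, so a `mkdir -p .ssh && chmod 700 .ssh` is needed first, and `-N ""` leaves the private key unencrypted on disk, which deserves a comment.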
@ -1,33 +1,78 @@ |
|||||||
--- |
--- |
||||||
disksetup_strategy: efi_gpt_btrfs |
# --- General disk options --- |
||||||
# partitioning_priv_device_node: /dev/sda |
# Abbreviations: |
||||||
|
# * e - EFI |
||||||
|
# * g - gpt |
||||||
|
# * b - btrfs |
||||||
|
# * l - LUKS |
||||||
|
# |
||||||
|
# Available formats: |
||||||
|
# * egb |
||||||
|
# * egbl |
||||||
|
# |
||||||
|
disk_format: egbl |
||||||
|
|
||||||
# grub_theme_name: xenlism |
disk_device: /dev/sda |
||||||
|
|
||||||
# configure_root_password: password |
root_mount: /mnt |
||||||
|
|
||||||
user_name: <user_name> |
# --- Options for egbl disk format --- |
||||||
user_password: <user_password> |
# Mapper name of the luks container: |
||||||
|
disk_egbl_luks_name: "" |
||||||
|
|
||||||
hostname: <hostname> |
# Password used to encrypt the luks container: |
||||||
timezone: <timezone> |
disk_egbl_luks_password: "" |
||||||
|
|
||||||
# no other options atm |
# --- Grub theme --- |
||||||
|
# Available themes: |
||||||
|
# * xenilism |
||||||
|
# |
||||||
|
grub_theme: xenilism |
||||||
|
|
||||||
|
# --- Account options --- |
||||||
|
root_user_password: archbtw |
||||||
|
|
||||||
|
user_name: arch |
||||||
|
user_password: archbtw |
||||||
|
|
||||||
|
# --- Machine settings --- |
||||||
|
hostname: archlinux |
||||||
|
timezone: Europe/Stockholm |
||||||
|
|
||||||
|
# --- Display/windowing --- |
||||||
|
# Available display servers: |
||||||
|
# * x11 |
||||||
|
# |
||||||
|
display_server: x11 |
||||||
|
|
||||||
|
# Available display managers: |
||||||
|
# * lightdm |
||||||
|
# |
||||||
display_manager: lightdm |
display_manager: lightdm |
||||||
|
|
||||||
# no other options atm |
# Available window managers: |
||||||
|
# * i3 |
||||||
|
# |
||||||
window_manager: i3 |
window_manager: i3 |
||||||
|
|
||||||
feat_bluetooth: true |
# --- Togglable features --- |
||||||
|
feat_bluetooth: false |
||||||
|
feat_u2f: false |
||||||
|
|
||||||
mullvad_account: "<mullvad_account>" |
# --- VPN --- |
||||||
|
# Mullvad VPN account number: |
||||||
|
mullvad_account: "" |
||||||
|
|
||||||
# generate with pamu2fcfg |
# --- u2f pam --- |
||||||
|
# u2f key for the user defined above, can be generated with: |
||||||
|
# $ pamu2fcfg |
||||||
user_u2f_key: "" |
user_u2f_key: "" |
||||||
|
|
||||||
|
# Modules where u2f will be an alternative to other auth |
||||||
u2f_optional: |
u2f_optional: |
||||||
- sudo |
- sudo |
||||||
|
|
||||||
|
# Modules where u2f will be a required addition to other auth |
||||||
u2f_required: |
u2f_required: |
||||||
- su |
- su |
||||||
- login |
- system-login |
||||||
|
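Review bot: The new defaults ship working credentials: `root_user_password: archbtw` and `user_password: archbtw` are applied to any machine provisioned without editing this file, whereas the previous version had `<user_password>`-style placeholders that could not be used by accident. With `disk_format: egbl` as the default, `disk_egbl_luks_name: ""` and `disk_egbl_luks_password: ""` are also live values; the roles in this change build `/dev/mapper/{{ disk_egbl_luks_name }}` and pass the password as the LUKS passphrase, so empty strings should be rejected up front. I would leave the three passwords empty, mark them with a comment such as `# required: must be set before running the playbook`, and add an early `assert` task that fails when any of them (or the mapper name) is empty. If this file is meant to hold real values, `ansible-vault` is the usual place for them.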
@ -1,5 +0,0 @@ |
|||||||
--- |
|
||||||
all: |
|
||||||
hosts: |
|
||||||
<ip_addr>: |
|
||||||
ansible_user: root |
|
@ -1,13 +0,0 @@ |
|||||||
--- |
|
||||||
base_packages_list: |
|
||||||
# Arch base packages |
|
||||||
- base |
|
||||||
- base-devel |
|
||||||
# Linux kernel |
|
||||||
- linux |
|
||||||
- linux-firmware |
|
||||||
# Additional packages that are needed for further ansible functionality |
|
||||||
- sudo |
|
||||||
- networkmanager |
|
||||||
- openssh |
|
||||||
- python |
|
@ -1,2 +0,0 @@ |
|||||||
--- |
|
||||||
configure_root_password: password |
|
@ -0,0 +1,23 @@ |
|||||||
|
--- |
||||||
|
- name: Install required packages. |
||||||
|
command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||||
|
changed_when: true |
||||||
|
|
||||||
|
- name: Copy grub default config. |
||||||
|
template: |
||||||
|
src: files/grub |
||||||
|
dest: "{{ root_mount }}/etc/default/grub" |
||||||
|
owner: root |
||||||
|
group: root |
||||||
|
mode: 0644 |
||||||
|
|
||||||
|
- name: Install grub. |
||||||
|
command: |
||||||
|
cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||||
|
creates: "{{ root_mount }}/boot/efi/EFI/grub" |
||||||
|
|
||||||
|
- name: Install theme. |
||||||
|
include_role: |
||||||
|
name: grub-theme |
||||||
|
vars: |
||||||
|
chroot: "{{ root_mount }}" |
@ -0,0 +1,22 @@ |
|||||||
|
--- |
||||||
|
# The size of the ESP partition to be created |
||||||
|
disk_egb_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||||
|
|
||||||
|
# btrfs subvolumes are laid out in a flat fashion: |
||||||
|
# |
||||||
|
# toplevel (default subvolume, not mounted) |
||||||
|
# +-- @ (to be mounted at /) |
||||||
|
# +-- @home (to be mmounted at /home) |
||||||
|
# +-- ... |
||||||
|
# |
||||||
|
disk_egb_btrfs_subvolumes: "{{ disk_egb_core_btrfs_subvolumes + disk_egb_priv_extra_btrfs_subvolumes }}" |
||||||
|
|
||||||
|
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||||
|
disk_egb_core_btrfs_subvolumes: |
||||||
|
- name: "@" |
||||||
|
mountpoint: / |
||||||
|
- name: "@home" |
||||||
|
mountpoint: /home |
||||||
|
|
||||||
|
# Add extra subvolumes here, beginning with an @. |
||||||
|
disk_egb_extra_btrfs_subvolumes: [] |
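Review bot: `disk_egb_btrfs_subvolumes` concatenates `disk_egb_priv_extra_btrfs_subvolumes`, but the only extra list defined in this file is `disk_egb_extra_btrfs_subvolumes`. Unless the `priv` name is defined somewhere outside this change, the expression fails with an undefined variable as soon as the subvolume loop evaluates it. The egbl defaults added in the same change use the un-prefixed name consistently. Change the expression to `"{{ disk_egb_core_btrfs_subvolumes + disk_egb_extra_btrfs_subvolumes }}"`.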
@ -0,0 +1,33 @@ |
|||||||
|
--- |
||||||
|
- name: Create EFI system partition |
||||||
|
parted: |
||||||
|
device: "{{ disk_device }}" |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
number: 1 |
||||||
|
name: ESP |
||||||
|
part_start: "{{ 1024 * 1024 }}B" |
||||||
|
part_end: "{{ disk_egb_esp_size | int + 1024 * 1024 - 1 }}B" |
||||||
|
flags: |
||||||
|
- esp |
||||||
|
|
||||||
|
- name: Create root partition |
||||||
|
parted: |
||||||
|
device: "{{ disk_device }}" |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
number: 2 |
||||||
|
name: root |
||||||
|
part_start: "{{ disk_egb_esp_size | int + 1024 * 1024 }}B" |
||||||
|
|
||||||
|
- name: Enumerate created partitions. |
||||||
|
shell: | |
||||||
|
set -e -o pipefail |
||||||
|
lsblk -n -o PATH {{ disk_device }} | tail -n +2 |
||||||
|
register: result |
||||||
|
changed_when: false |
||||||
|
|
||||||
|
- name: Assign partitions to variables. |
||||||
|
set_fact: |
||||||
|
disk_egb_esp_device_node: "{{ result.stdout_lines[0] }}" |
||||||
|
disk_egb_root_device_node: "{{ result.stdout_lines[1] }}" |
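Review bot: The `Enumerate created partitions` task interpolates `{{ disk_device }}` into a `shell:` script without the `| quote` filter that the removed version of this task applied to its device variable. A user-supplied value with spaces or shell metacharacters is therefore interpreted by the shell; restore the filter as `lsblk -n -o PATH {{ disk_device | quote }} | tail -n +2`. The same regression is in the egbl partitioning tasks added later in this change. Separately, `result.stdout_lines[0]` and `[1]` assume the disk holds exactly the two partitions just created, in that order; an `assert` on `result.stdout_lines | length == 2` before the `set_fact` would stop the run before the wrong node is formatted.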
@ -0,0 +1,33 @@ |
|||||||
|
--- |
||||||
|
- name: Format the boot partition with vfat. |
||||||
|
filesystem: |
||||||
|
device: "{{ disk_egb_esp_device_node }}" |
||||||
|
state: present |
||||||
|
type: vfat |
||||||
|
|
||||||
|
- name: Format the root partition with btrfs. |
||||||
|
filesystem: |
||||||
|
device: "{{ disk_egb_root_device_node }}" |
||||||
|
state: present |
||||||
|
type: btrfs |
||||||
|
|
||||||
|
- name: Mount the default subvolume. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: "{{ disk_egb_root_device_node }}" |
||||||
|
path: "{{ root_mount }}" |
||||||
|
fstype: btrfs |
||||||
|
opts: defaults,noatime,compress=zstd |
||||||
|
|
||||||
|
- name: Create subvolumes. |
||||||
|
command: |
||||||
|
cmd: btrfs subvolume create {{ (root_mount + "/" + subvolume.name) }} |
||||||
|
creates: '{{ (root_mount + "/" + subvolume.name) }}' |
||||||
|
with_items: "{{ disk_egb_btrfs_subvolumes }}" |
||||||
|
loop_control: |
||||||
|
loop_var: subvolume |
||||||
|
|
||||||
|
- name: Unmount the default subvolume. |
||||||
|
mount: |
||||||
|
state: unmounted |
||||||
|
path: "{{ root_mount }}" |
@ -1,6 +1,6 @@ |
|||||||
GRUB_TIMEOUT=5 |
GRUB_TIMEOUT=5 |
||||||
GRUB_DISTRIBUTOR="Arch" |
GRUB_DISTRIBUTOR="Arch" |
||||||
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ partitioning_priv_luks_name }}" |
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID={{ bootloader_priv_luks_device_node_uuid }}:{{ disk_egbl_luks_name }}" |
||||||
GRUB_CMDLINE_LINUX="" |
GRUB_CMDLINE_LINUX="" |
||||||
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
GRUB_PRELOAD_MODULES="btrfs part_gpt" |
||||||
GRUB_ENABLE_CRYPTODISK=y |
GRUB_ENABLE_CRYPTODISK=y |
@ -0,0 +1,34 @@ |
|||||||
|
--- |
||||||
|
- name: Install required packages. |
||||||
|
command: arch-chroot {{ root_mount }} pacman -Sy grub efibootmgr os-prober --noconfirm |
||||||
|
changed_when: true |
||||||
|
|
||||||
|
- name: Get luks device node uuid. |
||||||
|
shell: | |
||||||
|
set -e -o pipefail |
||||||
|
blkid {{ disk_egbl_luks_device_node }} -o value | head -1 |
||||||
|
register: result |
||||||
|
changed_when: false |
||||||
|
|
||||||
|
- name: Assign device node id to variable. |
||||||
|
set_fact: |
||||||
|
bootloader_priv_luks_device_node_uuid: "{{ result.stdout }}" |
||||||
|
|
||||||
|
- name: Copy grub default config. |
||||||
|
template: |
||||||
|
src: files/grub |
||||||
|
dest: "{{ root_mount }}/etc/default/grub" |
||||||
|
owner: root |
||||||
|
group: root |
||||||
|
mode: 0644 |
||||||
|
|
||||||
|
- name: Install grub. |
||||||
|
command: |
||||||
|
cmd: arch-chroot {{ root_mount }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
||||||
|
creates: "{{ root_mount }}/boot/efi/EFI/grub" |
||||||
|
|
||||||
|
- name: Install theme. |
||||||
|
include_role: |
||||||
|
name: grub-theme |
||||||
|
vars: |
||||||
|
chroot: "{{ root_mount }}" |
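Review bot: `blkid {{ disk_egbl_luks_device_node }} -o value | head -1` takes whatever tag blkid prints first and treats it as the UUID that ends up in the `cryptdevice=UUID=` kernel parameter; asking for the tag explicitly is sturdier: `blkid -s UUID -o value {{ disk_egbl_luks_device_node | quote }}`. That also removes the pipeline, so the task can use `command:` instead of `shell:`. An `assert` that `result.stdout` is non-empty before the `set_fact` would keep an unbootable GRUB config from being written. `pacman -Sy` without `-u` in the first task (and in the egb bootloader tasks) refreshes the sync database without upgrading, which Arch documents as an unsupported partial upgrade; `pacman -S --needed --noconfirm` is enough if the database was already synced during bootstrap.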
@ -0,0 +1,22 @@ |
|||||||
|
--- |
||||||
|
# The size of the ESP partition to be created |
||||||
|
disk_egbl_esp_size: "{{ 512 * 1024 * 1024 }}" |
||||||
|
|
||||||
|
# btrfs subvolumes are laid out in a flat fashion: |
||||||
|
# |
||||||
|
# toplevel (default subvolume, not mounted) |
||||||
|
# +-- @ (to be mounted at /) |
||||||
|
# +-- @home (to be mmounted at /home) |
||||||
|
# +-- ... |
||||||
|
# |
||||||
|
disk_egbl_btrfs_subvolumes: "{{ disk_egbl_core_btrfs_subvolumes + disk_egbl_extra_btrfs_subvolumes }}" |
||||||
|
|
||||||
|
# These subvolumes should always be present. DO NOT OVERRIDE. |
||||||
|
disk_egbl_core_btrfs_subvolumes: |
||||||
|
- name: "@" |
||||||
|
mountpoint: / |
||||||
|
- name: "@home" |
||||||
|
mountpoint: /home |
||||||
|
|
||||||
|
# Add extra subvolumes here, beginning with an @. |
||||||
|
disk_egbl_extra_btrfs_subvolumes: [] |
@ -0,0 +1,33 @@ |
|||||||
|
--- |
||||||
|
- name: Create EFI system partition |
||||||
|
parted: |
||||||
|
device: "{{ disk_device }}" |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
number: 1 |
||||||
|
name: ESP |
||||||
|
part_start: "{{ 1024 * 1024 }}B" |
||||||
|
part_end: "{{ disk_egbl_esp_size | int + 1024 * 1024 - 1 }}B" |
||||||
|
flags: |
||||||
|
- esp |
||||||
|
|
||||||
|
- name: Create LUKS partition |
||||||
|
parted: |
||||||
|
device: "{{ disk_device }}" |
||||||
|
state: present |
||||||
|
label: gpt |
||||||
|
number: 2 |
||||||
|
name: LUKS |
||||||
|
part_start: "{{ disk_egbl_esp_size | int + 1024 * 1024 }}B" |
||||||
|
|
||||||
|
- name: Enumerate created partitions. |
||||||
|
shell: | |
||||||
|
set -e -o pipefail |
||||||
|
lsblk -n -o PATH {{ disk_device }} | tail -n +2 |
||||||
|
register: result |
||||||
|
changed_when: false |
||||||
|
|
||||||
|
- name: Assign partitions to variables. |
||||||
|
set_fact: |
||||||
|
disk_egbl_esp_device_node: "{{ result.stdout_lines[0] }}" |
||||||
|
disk_egbl_luks_device_node: "{{ result.stdout_lines[1] }}" |
@ -0,0 +1,31 @@ |
|||||||
|
--- |
||||||
|
- name: Format the boot partition with vfat. |
||||||
|
filesystem: |
||||||
|
device: "{{ disk_egbl_esp_device_node }}" |
||||||
|
state: present |
||||||
|
type: vfat |
||||||
|
|
||||||
|
- name: Format the luks container with btrfs. |
||||||
|
filesystem: |
||||||
|
device: /dev/mapper/{{ disk_egbl_luks_name }} |
||||||
|
state: present |
||||||
|
type: btrfs |
||||||
|
|
||||||
|
- name: Mount the default subvolume. |
||||||
|
mount: |
||||||
|
state: mounted |
||||||
|
src: /dev/mapper/{{ disk_egbl_luks_name }} |
||||||
|
path: "{{ root_mount }}" |
||||||
|
fstype: btrfs |
||||||
|
opts: defaults,noatime,compress=zstd |
||||||
|
|
||||||
|
- name: Create subvolumes. |
||||||
|
command: |
||||||
|
cmd: btrfs subvolume create {{ root_mount + "/" + item.name }} |
||||||
|
creates: '{{ root_mount + "/" + item.name }}' |
||||||
|
with_items: "{{ disk_egbl_btrfs_subvolumes }}" |
||||||
|
|
||||||
|
- name: Unmount the default subvolume. |
||||||
|
mount: |
||||||
|
state: unmounted |
||||||
|
path: "{{ root_mount }}" |
@ -0,0 +1,10 @@ |
|||||||
|
--- |
||||||
|
- name: Create luks container and open it. |
||||||
|
luks_device: |
||||||
|
device: "{{ disk_egbl_luks_device_node }}" |
||||||
|
state: opened |
||||||
|
name: "{{ disk_egbl_luks_name }}" |
||||||
|
type: luks1 |
||||||
|
cipher: aes-xts-plain64 |
||||||
|
hash: sha256 |
||||||
|
passphrase: "{{ disk_egbl_luks_password }}" |
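Review bot: `type: luks1` with `hash: sha256` pins the container to the older header format, and nothing in the task says why. If this is because GRUB has to unlock the container itself (the grub defaults in this change set `GRUB_ENABLE_CRYPTODISK=y`), say so in a comment such as `# luks1: the container is unlocked by GRUB, whose LUKS2 support is limited`, so the choice is not later mistaken for an oversight or silently changed.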
@ -0,0 +1,47 @@ |
|||||||
|
--- |
||||||
|
- name: Generate fstab. |
||||||
|
include_role: |
||||||
|
name: genfstab |
||||||
|
vars: |
||||||
|
chroot: "{{ root_mount }}" |
||||||
|
|
||||||
|
- name: Check if btrfs-progs is installed. |
||||||
|
command: arch-chroot {{ root_mount }} |
||||||
|
pacman -Qk btrfs-progs |
||||||
|
register: result |
||||||
|
failed_when: false |
||||||
|
changed_when: false |
||||||
|
|
||||||
|
- name: Install btrfs-progs. |
||||||
|
command: arch-chroot {{ root_mount }} |
||||||
|
pacman -Sy btrfs-progs --noconfirm |
||||||
|
when: result.rc != 0 |
||||||
|
|
||||||
|
- name: Create crypto keyfile. |
||||||
|
shell: |
||||||
|
# yamllint disable rule:line-length |
||||||
|
cmd: | |
||||||
|
set -e -o pipefail |
||||||
|
dd bs=512 count=8 if=/dev/urandom of={{ root_mount }}/crypto_keyfile.bin |
||||||
|
echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey {{ disk_egbl_luks_device_node }} {{ root_mount }}/crypto_keyfile.bin |
||||||
|
# yamllint enable rule:line-length |
||||||
|
creates: "{{ root_mount }}/crypto_keyfile.bin" |
||||||
|
|
||||||
|
- name: Set proper permissions on crypto keyfile. |
||||||
|
file: |
||||||
|
path: "{{ root_mount }}/crypto_keyfile.bin" |
||||||
|
mode: 0000 |
||||||
|
|
||||||
|
- name: Configure mkinitcpio. |
||||||
|
mkinitcpio: |
||||||
|
state: present |
||||||
|
path: "{{ root_mount }}/etc/mkinitcpio.conf" |
||||||
|
binaries: /usr/bin/btrfs |
||||||
|
files: /crypto_keyfile.bin |
||||||
|
hooks: |
||||||
|
- encrypt |
||||||
|
- btrfs |
||||||
|
|
||||||
|
- name: Run mkinitcpio. |
||||||
|
command: arch-chroot {{ root_mount }} mkinitcpio -P |
||||||
|
changed_when: true |
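Review bot: In `Create crypto keyfile`, `echo {{ disk_egbl_luks_password }} | cryptsetup luksAddKey …` pastes the LUKS passphrase unquoted into a shell script: a passphrase containing spaces or shell metacharacters is mangled or executed, and the rendered command, passphrase included, is part of the task's arguments and result because the task has no `no_log: true`. The keyfile is also created by `dd` with the default umask and only set to `0000` by the following task. I would create the file under `umask 077` and add the key with the `luks_device` module the partitioning role already uses, which takes the passphrase as a module parameter instead of shell text. Since `/crypto_keyfile.bin` is embedded through `files:` in the mkinitcpio task, the generated initramfs images carry the key too, and their permissions are worth checking after `mkinitcpio -P`.

```yaml
- name: Create crypto keyfile.
  shell:
    cmd: |
      set -e
      umask 077
      dd bs=512 count=8 if=/dev/urandom of={{ (root_mount + "/crypto_keyfile.bin") | quote }}
    creates: "{{ root_mount }}/crypto_keyfile.bin"

- name: Add keyfile to the luks container.
  luks_device:
    device: "{{ disk_egbl_luks_device_node }}"
    passphrase: "{{ disk_egbl_luks_password }}"
    new_keyfile: "{{ root_mount }}/crypto_keyfile.bin"

# … unchanged: keyfile permissions task, mkinitcpio configuration and run …
```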
@ -0,0 +1,16 @@ |
|||||||
|
--- |
||||||
|
- name: Include partitioning role for {{ disk_format }} disk format. |
||||||
|
include_role: |
||||||
|
name: "disk/{{ disk_format }}/partitioning" |
||||||
|
public: true |
||||||
|
- name: Bootstrap system with base packages. |
||||||
|
import_role: |
||||||
|
name: base_packages |
||||||
|
- name: Include postpartitioning role for {{ disk_format }} disk format. |
||||||
|
include_role: |
||||||
|
name: "disk/{{ disk_format }}/postpartitioning" |
||||||
|
public: true |
||||||
|
- name: Include bootloader role for {{ disk_format }} disk format. |
||||||
|
include_role: |
||||||
|
name: "disk/{{ disk_format }}/bootloader" |
||||||
|
public: true |
@ -1,2 +0,0 @@ |
|||||||
--- |
|
||||||
disksetup_strategy: efi_gpt_luks_btrfs |
|
@ -1,23 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Install required packages. |
|
||||||
command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm |
|
||||||
changed_when: true |
|
||||||
|
|
||||||
- name: Copy grub default config. |
|
||||||
template: |
|
||||||
src: files/grub |
|
||||||
dest: "{{ partitioning_root_mount_point }}/etc/default/grub" |
|
||||||
owner: root |
|
||||||
group: root |
|
||||||
mode: 0644 |
|
||||||
|
|
||||||
- name: Install grub. |
|
||||||
command: |
|
||||||
cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
|
||||||
creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" |
|
||||||
|
|
||||||
- name: Install theme. |
|
||||||
include_role: |
|
||||||
name: grub-theme |
|
||||||
vars: |
|
||||||
chroot: "{{ partitioning_root_mount_point }}" |
|
@ -1,33 +0,0 @@ |
|||||||
--- |
|
||||||
##### Public variables used by the rest of the playbook ##### |
|
||||||
partitioning_root_mount_point: "/mnt" |
|
||||||
|
|
||||||
##### Private variables used only by the partitioning roles ##### |
|
||||||
|
|
||||||
# Two partitions will be created on this device node |
|
||||||
# * xxx1 will be used by /boot/efi |
|
||||||
# * xxx2 will be the root partition |
|
||||||
partitioning_priv_device_node: "/dev/sda" |
|
||||||
|
|
||||||
# The size of the ESP partition to be created |
|
||||||
partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" |
|
||||||
|
|
||||||
# btrfs subvolumes are laid out in a flat fashion: |
|
||||||
# |
|
||||||
# toplevel (default subvolume, not mounted) |
|
||||||
# +-- @ (to be mounted at /) |
|
||||||
# +-- @home (to be mmounted at /home) |
|
||||||
# +-- ... |
|
||||||
# |
|
||||||
# yamllint disable-line rule:line-length |
|
||||||
partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" |
|
||||||
|
|
||||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
|
||||||
partitioning_priv_core_btrfs_subvolumes: |
|
||||||
- name: "@" |
|
||||||
mountpoint: / |
|
||||||
|
|
||||||
# Other subvolumes can be added here, beginning with an @. |
|
||||||
partitioning_priv_extra_btrfs_subvolumes: |
|
||||||
- name: "@home" |
|
||||||
mountpoint: /home |
|
@ -1,33 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Create EFI system partition |
|
||||||
parted: |
|
||||||
device: "{{ partitioning_priv_device_node }}" |
|
||||||
state: present |
|
||||||
label: gpt |
|
||||||
number: 1 |
|
||||||
name: ESP |
|
||||||
part_start: "{{ 1024 * 1024 }}B" |
|
||||||
part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" |
|
||||||
flags: |
|
||||||
- esp |
|
||||||
|
|
||||||
- name: Create root partition |
|
||||||
parted: |
|
||||||
device: "{{ partitioning_priv_device_node }}" |
|
||||||
state: present |
|
||||||
label: gpt |
|
||||||
number: 2 |
|
||||||
name: root |
|
||||||
part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" |
|
||||||
|
|
||||||
- name: Enumerate created partitions. |
|
||||||
shell: | |
|
||||||
set -e -o pipefail |
|
||||||
lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 |
|
||||||
register: _partitions |
|
||||||
changed_when: false |
|
||||||
|
|
||||||
- name: Assign partitions to variables. |
|
||||||
set_fact: |
|
||||||
partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" |
|
||||||
partitioning_priv_root_device_node: "{{ _partitions.stdout_lines[1] }}" |
|
@ -1,31 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Format the boot partition with vfat. |
|
||||||
filesystem: |
|
||||||
device: "{{ partitioning_priv_esp_device_node }}" |
|
||||||
state: present |
|
||||||
type: vfat |
|
||||||
|
|
||||||
- name: Format the root partition with btrfs. |
|
||||||
filesystem: |
|
||||||
device: "{{ partitioning_priv_root_device_node }}" |
|
||||||
state: present |
|
||||||
type: btrfs |
|
||||||
|
|
||||||
- name: Mount the default subvolume. |
|
||||||
mount: |
|
||||||
state: mounted |
|
||||||
src: "{{ partitioning_priv_root_device_node }}" |
|
||||||
path: "{{ partitioning_root_mount_point }}" |
|
||||||
fstype: btrfs |
|
||||||
opts: defaults,noatime,compress=zstd |
|
||||||
|
|
||||||
- name: Create subvolumes. |
|
||||||
command: |
|
||||||
cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) }} |
|
||||||
creates: '{{ (partitioning_root_mount_point + "/" + item.name) }}' |
|
||||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
|
||||||
|
|
||||||
- name: Unmount the default subvolume. |
|
||||||
mount: |
|
||||||
state: unmounted |
|
||||||
path: "{{ partitioning_root_mount_point }}" |
|
@ -1,34 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Install required packages. |
|
||||||
command: arch-chroot {{ partitioning_root_mount_point }} pacman -Sy grub efibootmgr os-prober --noconfirm |
|
||||||
changed_when: true |
|
||||||
|
|
||||||
- name: Get luks device node uuid. |
|
||||||
shell: | |
|
||||||
set -e -o pipefail |
|
||||||
blkid {{ partitioning_priv_luks_device_node }} -o value | head -1 |
|
||||||
register: _device_node_uuid |
|
||||||
changed_when: false |
|
||||||
|
|
||||||
- name: Assign device node id to variable. |
|
||||||
set_fact: |
|
||||||
bootloader_priv_luks_device_node_uuid: "{{ _device_node_uuid.stdout }}" |
|
||||||
|
|
||||||
- name: Copy grub default config. |
|
||||||
template: |
|
||||||
src: files/grub |
|
||||||
dest: "{{ partitioning_root_mount_point }}/etc/default/grub" |
|
||||||
owner: root |
|
||||||
group: root |
|
||||||
mode: 0644 |
|
||||||
|
|
||||||
- name: Install grub. |
|
||||||
command: |
|
||||||
cmd: arch-chroot {{ partitioning_root_mount_point }} grub-install --efi-directory=/boot/efi --bootloader-id=grub |
|
||||||
creates: "{{ partitioning_root_mount_point }}/boot/efi/EFI/grub" |
|
||||||
|
|
||||||
- name: Install theme. |
|
||||||
include_role: |
|
||||||
name: grub-theme |
|
||||||
vars: |
|
||||||
chroot: "{{ partitioning_root_mount_point }}" |
|
@ -1,39 +0,0 @@ |
|||||||
--- |
|
||||||
##### Public variables used by the rest of the playbook ##### |
|
||||||
partitioning_root_mount_point: "/mnt" |
|
||||||
|
|
||||||
##### Private variables used only by the partitioning roles ##### |
|
||||||
|
|
||||||
# Two partitions will be created on this device node |
|
||||||
# * xxx1 will be used by /boot/efi |
|
||||||
# * xxx2 will be a luks container, with btrfs inside |
|
||||||
partitioning_priv_device_node: "/dev/sda" |
|
||||||
|
|
||||||
# The size of the ESP partition to be created |
|
||||||
partitioning_priv_esp_size: "{{ 512 * 1024 * 1024 }}" |
|
||||||
|
|
||||||
# btrfs subvolumes are laid out in a flat fashion: |
|
||||||
# |
|
||||||
# toplevel (default subvolume, not mounted) |
|
||||||
# +-- @ (to be mounted at /) |
|
||||||
# +-- @home (to be mmounted at /home) |
|
||||||
# +-- ... |
|
||||||
# |
|
||||||
# yamllint disable-line rule:line-length |
|
||||||
partitioning_priv_btrfs_subvolumes: "{{ partitioning_priv_core_btrfs_subvolumes + partitioning_priv_extra_btrfs_subvolumes }}" |
|
||||||
|
|
||||||
# These subvolumes should always be present. DO NOT OVERRIDE. |
|
||||||
partitioning_priv_core_btrfs_subvolumes: |
|
||||||
- name: "@" |
|
||||||
mountpoint: / |
|
||||||
|
|
||||||
# Other subvolumes can be added here, beginning with an @. |
|
||||||
partitioning_priv_extra_btrfs_subvolumes: |
|
||||||
- name: "@home" |
|
||||||
mountpoint: /home |
|
||||||
|
|
||||||
# The mapper name of the luks container |
|
||||||
partitioning_priv_luks_name: cryptoroot |
|
||||||
|
|
||||||
# The password used to encrypt the luks container |
|
||||||
partitioning_priv_luks_password: password |
|
@ -1,33 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Create EFI system partition |
|
||||||
parted: |
|
||||||
device: "{{ partitioning_priv_device_node }}" |
|
||||||
state: present |
|
||||||
label: gpt |
|
||||||
number: 1 |
|
||||||
name: ESP |
|
||||||
part_start: "{{ 1024 * 1024 }}B" |
|
||||||
part_end: "{{ partitioning_priv_esp_size | int + 1024 * 1024 - 1 }}B" |
|
||||||
flags: |
|
||||||
- esp |
|
||||||
|
|
||||||
- name: Create LUKS partition |
|
||||||
parted: |
|
||||||
device: "{{ partitioning_priv_device_node }}" |
|
||||||
state: present |
|
||||||
label: gpt |
|
||||||
number: 2 |
|
||||||
name: LUKS |
|
||||||
part_start: "{{ partitioning_priv_esp_size | int + 1024 * 1024 }}B" |
|
||||||
|
|
||||||
- name: Enumerate created partitions. |
|
||||||
shell: | |
|
||||||
set -e -o pipefail |
|
||||||
lsblk -n -o PATH {{ partitioning_priv_device_node | quote }} | tail -n +2 |
|
||||||
register: _partitions |
|
||||||
changed_when: false |
|
||||||
|
|
||||||
- name: Assign partitions to variables. |
|
||||||
set_fact: |
|
||||||
partitioning_priv_esp_device_node: "{{ _partitions.stdout_lines[0] }}" |
|
||||||
partitioning_priv_luks_device_node: "{{ _partitions.stdout_lines[1] }}" |
|
@ -1,31 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Format the boot partition with vfat. |
|
||||||
filesystem: |
|
||||||
device: "{{ partitioning_priv_esp_device_node }}" |
|
||||||
state: present |
|
||||||
type: vfat |
|
||||||
|
|
||||||
- name: Format the luks container with btrfs. |
|
||||||
filesystem: |
|
||||||
device: /dev/mapper/{{ partitioning_priv_luks_name }} |
|
||||||
state: present |
|
||||||
type: btrfs |
|
||||||
|
|
||||||
- name: Mount the default subvolume. |
|
||||||
mount: |
|
||||||
state: mounted |
|
||||||
src: /dev/mapper/{{ partitioning_priv_luks_name }} |
|
||||||
path: "{{ partitioning_root_mount_point }}" |
|
||||||
fstype: btrfs |
|
||||||
opts: defaults,noatime,compress=zstd |
|
||||||
|
|
||||||
- name: Create subvolumes. |
|
||||||
command: |
|
||||||
cmd: btrfs subvolume create {{ (partitioning_root_mount_point + "/" + item.name) | quote }} |
|
||||||
creates: '{{ (partitioning_root_mount_point + "/" + item.name) | quote }}' |
|
||||||
with_items: "{{ partitioning_priv_btrfs_subvolumes }}" |
|
||||||
|
|
||||||
- name: Unmount the default subvolume. |
|
||||||
mount: |
|
||||||
state: unmounted |
|
||||||
path: "{{ partitioning_root_mount_point }}" |
|
@ -1,10 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Create luks container and open it. |
|
||||||
luks_device: |
|
||||||
device: "{{ partitioning_priv_luks_device_node }}" |
|
||||||
state: opened |
|
||||||
name: "{{ partitioning_priv_luks_name }}" |
|
||||||
type: luks1 |
|
||||||
cipher: aes-xts-plain64 |
|
||||||
hash: sha256 |
|
||||||
passphrase: "{{ partitioning_priv_luks_password }}" |
|
@ -1,47 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Generate fstab. |
|
||||||
include_role: |
|
||||||
name: genfstab |
|
||||||
vars: |
|
||||||
chroot: "{{ partitioning_root_mount_point }}" |
|
||||||
|
|
||||||
- name: Check if btrfs-progs is installed. |
|
||||||
command: arch-chroot {{ partitioning_root_mount_point }} |
|
||||||
pacman -Qk btrfs-progs |
|
||||||
register: _btrfs_progs_installed |
|
||||||
failed_when: false |
|
||||||
changed_when: false |
|
||||||
|
|
||||||
- name: Install btrfs-progs. |
|
||||||
command: arch-chroot {{ partitioning_root_mount_point }} |
|
||||||
pacman -Sy btrfs-progs --noconfirm |
|
||||||
when: _btrfs_progs_installed.rc != 0 |
|
||||||
|
|
||||||
- name: Create crypto keyfile. |
|
||||||
shell: |
|
||||||
cmd: | |
|
||||||
set -e -o pipefail |
|
||||||
dd bs=512 count=8 if=/dev/urandom of={{ partitioning_root_mount_point }}/crypto_keyfile.bin |
|
||||||
echo {{ partitioning_priv_luks_password }} \ |
|
||||||
| cryptsetup luksAddKey {{ partitioning_priv_luks_device_node }} \ |
|
||||||
{{ partitioning_root_mount_point }}/crypto_keyfile.bin |
|
||||||
creates: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
|
||||||
|
|
||||||
- name: Set proper permissions on crypto keyfile. |
|
||||||
file: |
|
||||||
path: "{{ partitioning_root_mount_point }}/crypto_keyfile.bin" |
|
||||||
mode: 0000 |
|
||||||
|
|
||||||
- name: Configure mkinitcpio. |
|
||||||
mkinitcpio: |
|
||||||
state: present |
|
||||||
path: "{{ partitioning_root_mount_point }}/etc/mkinitcpio.conf" |
|
||||||
binaries: /usr/bin/btrfs |
|
||||||
files: /crypto_keyfile.bin |
|
||||||
hooks: |
|
||||||
- encrypt |
|
||||||
- btrfs |
|
||||||
|
|
||||||
- name: Run mkinitcpio. |
|
||||||
command: arch-chroot {{ partitioning_root_mount_point }} mkinitcpio -P |
|
||||||
changed_when: true |
|
@ -1,16 +0,0 @@ |
|||||||
--- |
|
||||||
- name: Include partitioning role for selected partitioning strategy. |
|
||||||
include_role: |
|
||||||
name: "disksetup/{{ disksetup_strategy }}/partitioning" |
|
||||||
public: true |
|
||||||
- name: Bootstrap system with base packages. |
|
||||||
import_role: |
|
||||||
name: base_packages |
|
||||||
- name: Include postpartitioning role for selected partitioning strategy. |
|
||||||
include_role: |
|
||||||
name: "disksetup/{{ disksetup_strategy }}/postpartitioning" |
|
||||||
public: true |
|
||||||
- name: Include bootloader role for selected partitioning strategy. |
|
||||||
include_role: |
|
||||||
name: "disksetup/{{ disksetup_strategy }}/bootloader" |
|
||||||
public: true |
|
@ -1,5 +1,4 @@ |
|||||||
--- |
--- |
||||||
- name: Include display server xorg. |
- name: Include display server strategy. |
||||||
include_role: |
include_role: |
||||||
name: "display_server/xorg" |
name: "display_server/{{ display_server }}" |
||||||
public: true |
|
||||||
|
@ -1,13 +1,13 @@ |
|||||||
--- |
--- |
||||||
- name: Generate fstab. |
- name: Generate fstab. |
||||||
command: genfstab -U {{ chroot | quote }} |
command: genfstab -U {{ chroot | quote }} |
||||||
register: _fstab |
register: result |
||||||
changed_when: false |
changed_when: false |
||||||
|
|
||||||
- name: Save fstab. |
- name: Save fstab. |
||||||
copy: |
copy: |
||||||
dest: "{{ chroot | quote }}/etc/fstab" |
dest: "{{ chroot | quote }}/etc/fstab" |
||||||
content: "{{ _fstab.stdout }}" |
content: "{{ result.stdout }}" |
||||||
owner: root |
owner: root |
||||||
group: root |
group: root |
||||||
mode: 0644 |
mode: 0644 |
||||||
|